The current rules on cookies stem from the ePrivacy Directive (2002 – revised 2009) also commonly known as the European Cookie Law.
If you have a website or webshop, you are subject to the rules on cookies regardless of your site being business, government, or privately owned.
The ePrivacy Directive clearly states that websites in Europe must collect their users’ consent (to cookies) to be able to store cookies onto the users’ computers and smartphones.
At the same time, you must collect your visitors’ consent to cookies set from your website.
The consents must be stored securely for 5 years and will come in handy if you are subject to an oversight or inquiry by your national Data Protection Authority. In this case, they will want to see the documentation for your cookie consents.
Remember that the requirements for collecting and processing personal information have tightened with the General Data Protection Regulation (GDPR).